US20240154803A1 - Rekeying in authentication and key management for applications in communication network - Google Patents
Rekeying in authentication and key management for applications in communication network Download PDFInfo
- Publication number
- US20240154803A1 US20240154803A1 US18/307,952 US202318307952A US2024154803A1 US 20240154803 A1 US20240154803 A1 US 20240154803A1 US 202318307952 A US202318307952 A US 202318307952A US 2024154803 A1 US2024154803 A1 US 2024154803A1
- Authority
- US
- United States
- Prior art keywords
- application function
- key
- random value
- processor
- program code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 45
- 238000000034 method Methods 0.000 claims abstract description 57
- 230000006870 function Effects 0.000 claims description 106
- 230000015654 memory Effects 0.000 claims description 30
- 230000004044 response Effects 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 16
- 238000013523 data management Methods 0.000 claims description 3
- 238000004519 manufacturing process Methods 0.000 claims description 2
- 238000007726 management method Methods 0.000 description 36
- 238000012545 processing Methods 0.000 description 12
- 238000009795 derivation Methods 0.000 description 7
- 238000013459 approach Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- RJQIZOKNUKRKTP-UHFFFAOYSA-N N-acetyl-5-methoxykynuramine Chemical compound COC1=CC=C(N)C(C(=O)CCNC(C)=O)=C1 RJQIZOKNUKRKTP-UHFFFAOYSA-N 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 239000013598 vector Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Abstract
Techniques for authentication and key management for applications (AKMA) in a communication network are disclosed. For example, a method comprises receiving an indication from an application function that a first expiry time of a first application function key, generated using a first random value and configured to enable user equipment to participate in a session with the application function, has expired. The method generates a second application function key for the application function, using a second random value, with a second expiry time.
Description
- The field relates generally to communication networks, and more particularly, but not exclusively, to security management in such communication networks.
- This section introduces aspects that may be helpful in facilitating a better understanding of the inventions. Accordingly, the statements of this section are to be read in this light and are not to be understood as admissions about what is in the prior art or what is not in the prior art.
- Fourth generation (4G) wireless mobile telecommunications technology, also known as Long Term Evolution (LTE) technology, was designed to provide high capacity mobile multimedia with high data rates particularly for human interaction. Next generation or fifth generation (5G) technology is intended to be used not only for human interaction, but also for machine type communications in so-called Internet of Things (IoT) networks.
- While 5G networks are intended to enable massive IoT services (e.g., very large numbers of limited capacity devices) and mission-critical IoT services (e.g., requiring high reliability), improvements over legacy mobile communication services are supported in the form of enhanced mobile broadband (eMBB) services providing improved wireless Internet access for mobile devices.
- In an example communication system, user equipment (5G UE in a 5G network or, more broadly, a UE) such as a mobile terminal (subscriber) communicates over an air interface with a base station or access point of an access network referred to as a 5G AN in a 5G network. The access point (e.g., gNB) is illustratively part of an access network of the communication system. For example, in a 5G network, the access network referred to as a 5G AN is described in 5G Technical Specification (TS) 23.501, entitled “Technical Specification Group Services and System Aspects; System Architecture for the 5G System,” and TS 23.502, entitled “Technical Specification Group Services and System Aspects; Procedures for the 5G System (5GS),” the disclosures of which are incorporated by reference herein in their entireties. In general, the access point (e.g., gNB) provides access for the UE to a core network (CN or 5GC), which then provides access for the UE to other UEs and/or a data network such as a packet data network (e.g., Internet).
- TS 23.501 goes on to define a 5G Service-Based Architecture (SBA) which models services as network functions (NFs) that communicate with each other using representational state transfer application programming interfaces (Restful APIs).
- Furthermore, 5G Technical Specification (TS) 33.501, entitled “Technical Specification Group Services and System Aspects; Security Architecture and Procedures for the 5G System,” the disclosure of which is incorporated by reference herein in its entirety, further describes security management details associated with a 5G network.
- Security management is an important consideration in any communication system. However, due to continuing attempts to improve the architectures and protocols associated with a 5G network in order to increase network efficiency and/or subscriber convenience, security management issues associated with access to application functions can present a significant challenge.
- Illustrative embodiments provide rekeying techniques for authentication and key management for applications (AKMA) in a communication network.
- For example, in one illustrative embodiment, a method comprises receiving an indication from an application function that a first expiry time of a first application function key, generated using a first random value and configured to enable user equipment to participate in a session with the application function, has expired. The method generates a second application function key for the application function, using a second random value, with a second expiry time.
- Further illustrative embodiments are provided in the form of a non-transitory computer-readable storage medium having embodied therein executable program code that when executed by a processor causes the processor to perform the above steps. Still further illustrative embodiments comprise apparatus with a processor and a memory configured to perform the above steps.
- Advantageously, illustrative embodiments provide for AKMA procedures to generate a new application function key (rekey) for an application function session between a UE and a specific application function without the need to reauthenticate, thus avoiding a need to update other keys associated with a current AKMA context.
- These and other features and advantages of embodiments described herein will become more apparent from the accompanying drawings and the following detailed description.
-
FIG. 1 illustrates a communication system with which one or more illustrative embodiments may be implemented. -
FIG. 2 illustrates user equipment and network entities with which one or more illustrative embodiments may be implemented. -
FIG. 3A illustrates a procedure associated with authentication and key management for applications with which one or more illustrative embodiments can be implemented. -
FIG. 3B illustrates another procedure associated with authentication and key management for applications with which one or more illustrative embodiments can be implemented. -
FIG. 4 illustrates rekeying without reauthentication for an authentication and key management for applications procedure according to an illustrative embodiment. -
FIG. 5 illustrates rekeying without reauthentication for an authentication and key management for applications procedure according to another illustrative embodiment. - Embodiments will be illustrated herein in conjunction with example communication systems and associated techniques for security management in communication systems. It should be understood, however, that the scope of the claims is not limited to particular types of communication systems and/or processes disclosed. Embodiments can be implemented in a wide variety of other types of communication systems, using alternative processes and operations. For example, although illustrated in the context of wireless cellular systems utilizing 3GPP system elements such as a 3GPP next generation system (5G), the disclosed embodiments can be adapted in a straightforward manner to a variety of other types of communication systems.
- In accordance with illustrative embodiments implemented in a 5G communication system environment, one or more 3GPP technical specifications (TS) and technical reports (TR) may provide further explanation of network elements/functions and/or operations that may interact with parts of the inventive solutions, e.g., the above-referenced 3GPP TS 23.501 and 3GPP TS 33.501. Other 3GPP TS/TR documents may provide other details that one of ordinary skill in the art will realize. For example, TS 33.535 entitled, “Technical Specification Group Services and System Aspects; Authentication and Key Management for Applications (AKMA) Based on 3GPP Credentials in the 5G System (5GS),” TS 33.222 entitled, “Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Access to Network Application Functions Using Hypertext Transfer Protocol over Transport Layer Security (HTTPS),” and TS 33.220 entitled, “Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA),” the disclosures of which are incorporated by reference herein in their entireties, may also be mentioned below in the context of some illustrative embodiments. However, while well-suited for 5G-related 3GPP standards, embodiments are not necessarily intended to be limited to any particular standards.
- Prior to describing illustrative embodiments, a general description of certain main components of a 5G network will be described below in the context of
FIGS. 1 and 2 . -
FIG. 1 shows acommunication system 100 within which illustrative embodiments are implemented. It is to be understood that the elements shown incommunication system 100 are intended to represent main functions provided within the system, e.g., UE access functions, mobility management functions, authentication functions, serving gateway functions, etc. As such, the blocks shown inFIG. 1 reference specific elements in 5G networks that provide these main functions. However, other network elements may be used to implement some or all of the main functions represented. Also, it is to be understood that not all functions of a 5G network are depicted inFIG. 1 . Rather, at least some functions that facilitate an explanation of illustrative embodiments are represented. Subsequent figures may depict some additional elements/functions (i.e., network entities). - Accordingly, as shown,
communication system 100 comprises user equipment (UE) 102 that communicates via anair interface 103 with an access point (gNB) 104. It is to be understood that UE 102 may use one or more other types of access points (e.g., access functions, networks, etc.) to communicate with the 5G core other than a gNB. By way of example only, theaccess point 104 may be any 5G access network, an untrusted non-3GPP access network that uses an N3IWF (Non-3GPP Interworking Function), a trusted non-3GPP network that uses a TNGF (Trusted Non-3GPP Gateway Function) or wireline access that uses a W-AGF (Wireline Access Gateway Function) or may correspond to a legacy access point (e.g., eNB). - The UE 102 may be a mobile station, and such a mobile station may comprise, by way of example, a mobile telephone, a computer, an IoT device, or any other type of communication device. The term “user equipment” as used herein is therefore intended to be construed broadly, so as to encompass a variety of different types of mobile stations, subscriber stations or, more generally, communication devices, including examples such as a combination of a data card inserted in a laptop or other equipment such as a smart phone. Such communication devices are also intended to encompass devices commonly referred to as access terminals.
- In one embodiment, UE 102 is comprised of a Universal Integrated Circuit Card (UICC) part and a Mobile Equipment (ME) part. The UICC is the user-dependent part of the UE and contains at least one Universal Subscriber Identity Module (USIM) and appropriate application software. The USIM securely stores a permanent subscription identifier and its related key, which are used to uniquely identify and authenticate subscribers to access networks. The ME is the user-independent part of the UE and contains terminal equipment (TE) functions and various mobile termination (MT) functions.
- Note that, in one example, the permanent subscription identifier is an International Mobile Subscriber Identity (IMSI) unique to the UE. In one embodiment, the IMSI is a fixed 15-digit length and consists of a 3-digit Mobile Country Code (MCC), a 3-digit Mobile Network Code (MNC), and a 9-digit Mobile Station Identification Number (MSIN). In a 5G communication system, an IMSI is referred to as a Subscription Permanent Identifier (SUPI). In the case of an IMSI as a SUPI, the MSIN provides the subscriber identity. Thus, only the MSIN portion of the IMSI typically needs to be encrypted. The MNC and MCC portions of the IMSI provide routing information, used by the serving network to route to the correct home network. When the MSIN of a SUPI is encrypted, it is referred to as Subscription Concealed Identifier (SUCI). Another example of a SUPI uses a Network Access Identifier (NAI). NAI is typically used for IoT communication.
- The
access point 104 is illustratively part of an access network of thecommunication system 100. Such an access network may comprise, for example, a 5G System having a plurality of base stations. - Further, the
access point 104 in this illustrative embodiment is operatively coupled to an Access and Mobility Management Function (AMF) 106. In a 5G network, the AMF supports, inter alia, mobility management (MM) and security anchor (SEAF) functions. -
AMF 106 in this illustrative embodiment is operatively coupled to (e.g., uses the services of) other network functions 108. As shown, some of these other network functions 108 include, but are not limited to, and an Authentication and Key Management for Applications (AKMA) Anchor Function (AAnF) as will be further explained below, an Authentication Server Function (AUSF), a Unified Data Management (UDM) function, a Network Exposure Function (NEF), an Application Function (AF), and other network functions that can act as service producers (NFp) and/or service consumers (NFc). Note that any network function can be a service producer for one service and a service consumer for another service. Further, when the service being provided includes data, the data-providing NFp is referred to as a data producer, while the data-requesting NFc is referred to as a data consumer. A data producer may also be an NF that generates data by modifying or otherwise processing data produced by another NF. - Note that a UE, such as
UE 102, is typically subscribed to what is referred to as a Home Public Land Mobile Network (HPLMN) in which some or all of thefunctions UE 102, may receive services from a non-Public Network (NPN) where these functions may reside. The HPLMN is also referred to as the Home Environment (HE). If the UE is roaming (not in the HPLMN), it is typically connected with a Visited Public Land Mobile Network (VPLMN) also referred to as a visited network, while the network that is currently serving the UE is also referred to as a serving network. In the roaming case, some of the network functions 106 and 108 can reside in the VPLMN, in which case, functions in the VPLMN communicate with functions in the HPLMN as needed. However, in a non-roaming scenario, mobility management functions 106 and the other network functions 108 reside in the same communication network, i.e. HPLMN. Embodiments described herein are not necessarily limited by which functions reside in which PLMN (i.e., HPLMN or VPLMN). - The
access point 104 is also operatively coupled (via one or more offunctions 106 and/or 108) to a Session Management Function (SMF) 110, which is operatively coupled to a User Plane Function (UPF) 112.UPF 112 is operatively coupled to a Packet Data Network, e.g.,Internet 114. Note that the thicker solid lines in this figure denote a user plane (UP) of the communication network, as compared to the thinner solid lines that denote a control plane (CP) of the communication network. It is to be appreciated thatnetwork 114 inFIG. 1 may additionally or alternatively represent other network infrastructures including, but not limited to, cloud computing infrastructure and/or edge computing infrastructure. Further typical operations and functions of such network elements are not described here since they are not the focus of the illustrative embodiments and may be found in appropriate 3GPP 5G documentation. Note that functions shown in 106, 108, 110 and 112 are examples of network functions (NFs). - It is to be appreciated that this particular arrangement of system elements is an example only, and other types and arrangements of additional or alternative elements can be used to implement a communication system in other embodiments. For example, in other embodiments, the
system 100 may comprise other elements/functions not expressly shown herein. - Accordingly, the
FIG. 1 arrangement is just one example configuration of a wireless cellular system, and numerous alternative configurations of system elements may be used. For example, although only single elements/functions are shown in theFIG. 1 embodiment, this is for simplicity and clarity of description only. A given alternative embodiment may of course include larger numbers of such system elements, as well as additional or alternative elements of a type commonly associated with conventional system implementations. - It is also to be noted that while
FIG. 1 illustrates system elements as singular functional blocks, the various subnetworks that make up the 5G network are partitioned into so-called network slices. Network slices (network partitions) are logical networks that provide specific network capabilities and network characteristics that can support a corresponding service type, optionally using network function virtualization (NFV) on a common physical infrastructure. With NFV, network slices are instantiated as needed for a given service, e.g., eMBB service, massive IoT service, and mission-critical IoT service. A network slice or function is thus instantiated when an instance of that network slice or function is created. In some embodiments, this involves installing or otherwise running the network slice or function on one or more host devices of the underlying physical infrastructure.UE 102 is configured to access one or more of these services viagNB 104. -
FIG. 2 is a block diagram illustrating computing architectures for various participants in methodologies according to illustrative embodiments. More particularly,system 200 is shown comprising user equipment (UE) 202 and a plurality of network entities 204-1, . . . . , 204-N. For example, in illustrative embodiments and with reference back toFIG. 1 ,UE 202 can representUE 102, while network entities 204-1, . . . , 204-N can representfunctions UE 202 and network entities 204-1, . . . . , 204-N are configured to interact to provide security management and other techniques described herein. - The
user equipment 202 comprises aprocessor 212 coupled to amemory 216 andinterface circuitry 210. Theprocessor 212 of theuser equipment 202 includes a securitymanagement processing module 214 that may be implemented at least in part in the form of software executed by the processor. Theprocessing module 214 performs security management described in conjunction with subsequent figures and otherwise herein. Thememory 216 of theuser equipment 202 includes a securitymanagement storage module 218 that stores data generated or otherwise used during security management operations. - Each of the network entities (individually or collectively referred to herein as 204) comprises a processor 222 (222-1, . . . , 222-N) coupled to a memory 226 (226-1, . . . , 226-N) and interface circuitry 220 (220-1, . . . , 220-N). Each
processor 222 of eachnetwork entity 204 includes a security management processing module 224 (224-1, . . . , 224-N) that may be implemented at least in part in the form of software executed by theprocessor 222. Theprocessing module 224 performs security management operations described in conjunction with subsequent figures and otherwise herein. Eachmemory 226 of eachnetwork entity 204 includes a security management storage module 228 (228-1, . . . , 228-N) that stores data generated or otherwise used during security management operations. - The
processors - The
memories respective processors processors - A given one of the
memories - Further, the
memories - The
interface circuitries - It is apparent from
FIG. 2 thatuser equipment 202 and plurality ofnetwork entities 204 are configured for communication with each other as security management participants via theirrespective interface circuitries - It is to be appreciated that the particular arrangement of components shown in
FIG. 2 is an example only, and numerous alternative configurations may be used in other embodiments. For example, any given network element/function can be configured to incorporate additional or alternative components and to support other communication protocols. - Other system elements such as
gNB 104,SMF 110, andUPF 112 may each be configured to include components such as a processor, memory and network interface. These elements need not be implemented on separate stand-alone processing platforms, but could instead, for example, represent different functional portions of a single common processing platform. - More generally,
FIG. 2 can be considered to represent processing devices configured to provide respective security management functionalities and operatively coupled to one another in a communication system. - As mentioned above, the 3GPP TS 23.501 defines the 5G core network architecture as service-based, e.g., Service-Based Architecture (SBA). It is realized herein that in deploying different NFs, there can be many situations where an NF may need to interact with an entity external to the SBA-based 5G core network (e.g., including the corresponding PLMN(s), e.g., HPLMN and VPLMN). Thus, the term “internal” as used herein illustratively refers to operations and/or communications within the SBA-based 5G core network (e.g., SBA-based interfaces) and the term “external” illustratively refers to operations and/or communications outside the SBA-based 5G core network (non-SBA interfaces).
- Given the above general description of some features of a 5G network, problems with existing security (e.g., authentication and key management for applications) approaches and solutions proposed in accordance with illustrative embodiments will now be described herein below.
- As will be illustratively used herein, the following additional acronyms have the following meanings:
-
- A-KID AKMA Key IDentifier
- A-TID AKMA Temporary UE IDentifier
- AAnF AKMA Anchor Function
- AKMA Authentication and Key Management for Applications
- KAF AKMA Application Function Key
- KAKMA AKMA Anchor Key
- KDF Key Derivation Function
- RID Routing InDicator
- AKMA is Authentication and Key Management for Applications. The data in the home operator's network indicating whether or not the subscriber is allowed to use AKMA is known as AKMA subscription data. AKMA context which is maintained in a network entity known as an AAnF has a set of parameters such as SUPI, KAKMA and A-KID. The above-referenced TS 33.535 specifies the derivation of the AKMA key after primary authentication and derivation of the AKMA application key for a specific AF which are respectively described below in the context of
FIGS. 3A and 3B . -
FIG. 3A illustrates aprocedure 300 for derivation of the AKMA key after primary authentication. As shown,procedure 300 involves aUE 302, anAMF 304, anAUSF 306, aUDM 308, and anAAnF 310. Note that there is no separate authentication ofUE 302 to support AKMA functionality. Instead, AKMA reuses the 5G primary authentication procedure executed, e.g., during UE registration to authenticateUE 302. A successful 5G primary authentication results in KAUSF being stored atAUSF 306 andUE 302. Thus,FIG. 3A showsprocedure 300 to derive KAKMA (after a successful primary authentication) in the context of steps 1-5. -
Step 1. During the primary authentication procedure,AUSF 306 interacts withUDM 308 in order to fetch authentication information such as subscription credentials (e.g., AKMA authentication vectors) and the authentication method using the Nudm_UEAuthentication_Get Request service operation. -
Step 2. In the response,UDM 308 may also indicate to AUSF 306 whether AKMA anchor keys need to be generated forUE 302. If the AKMA indication (Ind) is included,UDM 308 also includes the RID ofUE 302. -
Steps 3a and 3b. IfAUSF 306 receives the AKMA indication fromUDM 308,AUSF 306 stores KAUSF (note that K generally refers to a key, such as a cryptographic key, and the subscript refers to a function, purpose, and/or source, of the key) and generates the AKMA anchor key (KAKMA) and the A-KID from KAusF after the primary authentication procedure is successfully completed. Also,UE 302 generates the AKMA anchor key (K AKMA) and the A-KID from the KAUSF before initiating communication with an AKMA application function (AF). -
Step 4. After AKMA key material is generated,AUSF 306 selects an AAnF as defined in the above-referenced TS 33.535, i.e.,AAnF 310 in this example, and sends the generated A-KID, and KAKMA toAAnF 310 together with the SUPI ofUE 302 using the Naanf_AKMA_KeyRegistration Request service operation.AAnF 310 stores the latest information sent byAUSF 306. Note thatAUSF 306 need not store any AKMA key material after delivery toAAnF 310. Further note that when a need for reauthentication occurs, in the existing procedure,AUSF 306 generates a new A-KID, and a new KAKMA and sends the new generated A-KID and KAKMA toAAnF 310. After receiving the new generated A-KID and KAKMA,AAnF 310 deletes the old A-KID and KAKMA and stores the new generated A-KID and KAKMA. -
Step 5.AAnF 310 sends a response toAUSF 306 using the Naanf_AKMA_AnchorKey_Register Response service operation. - Note that A-KID identifies the KAKMA key of
UE 302. A-KID is in NAI format, i.e., username@realm. The username part includes RID and A-TID (AKMA Temporary UE Identifier), and the realm part includes the Home Network Identifier. A-TID is derived from KAUSF as specified in the above-referenced TS 33.535.AUSF 306 uses the RID received fromUDM 308 as described instep 2 to derive A-KID. Note that the chance of an A-TID collision is not zero but practically low as the A-TID derivation is based on a KDF specified in the above-referenced TS 33.220. The detection of an A-TID collision as well as potential handling of the collision is not expressly addressed herein. KAKMA is derived from KAusF as specified in the above-referenced TS 33.535. Since KAKMA and A-TID in A-KID are both derived from KAUSF based on the primary authentication run, in the existing procedure, KAKMA and A-KID can only be refreshed by a new successful primary authentication. -
FIG. 3B illustrates aprocedure 320 for derivation of the AKMA application function key for aspecific AF 312. Note that the other participants inprocedure 320 are the same as described above in the context ofprocedure 300 inFIG. 3A . More particularly,FIG. 3B shows steps 1-5 inprocedure 320 used by anAF 312 to request application function specific AKMA keys fromAAnF 310, whenAF 312 is located inside the operator's network. - Before communication between
UE 302 andAF 312 can start,UE 302 andAF 312 need to know whether to use AKMA. This knowledge is implicit to the specific application onUE 302 andAF 312 or indicated byAF 312 toUE 302. -
Step 1.UE 302 generates the AKMA anchor key (KAKMA) and A-KID from KAUSF before initiating communication with AF 312 (the AKMA application function). WhenUE 302 initiates communication withAF 312, it includes the derived A-KID in the Application Session Establishment Request message.UE 302 may derive KAF before sending the message or afterwards. -
Step 2. IfAF 312 does not have an active context associated with A-KID, thenAF 312 selects an AAnF, i.e.,AAnF 310 in this example, and sends a Naanf_AKMA_ApplicationKey_Get request toAAnF 310 with A-KID to request KAF forUE 302.AF 312 also includes its identity (AF_ID) in the request. - AF_ID consists of the fully qualified domain name (FQDN) of the AF and the Ua* security protocol identifier. The latter parameter identifies the security protocol that the AF will use with the UE.
-
AAnF 310 checks whether it can provide the service toAF 312 based on the configured local policy or based on the authorization information or policy provided by a Network Repository Function (NRF, not explicitly shown) using the AF_ID. If it succeeds, the following steps are executed. Otherwise,AAnF 310 rejects the procedure: -
AAnF 310 verifies whether the subscriber is authorized to use AKMA based on the presence of the UE specific K AKMA key identified by A-KID. -
- If KAKMA is present in
AAnF 310, thenAAnF 310 continues withstep 3. - If K AKMA is not present in
AAnF 310, thenAAnF 310 continues withstep 4 with an error response.
- If KAKMA is present in
-
Step 3.AAnF 310 derives the AKMA application key (KAF) from KAKMA if it does not already have KAF. The key derivation of KAF is performed as specified in the above-referenced TS 33.535. -
Step 4.AAnF 310 sends Naanf_AKMA_ApplicationKey_Get response toAF 312 with SUPI, KAF and the KAF expiration time. -
Step 5.AF 312 sends the Application Session Establishment Response toUE 302. If the information instep 4 indicates failure of the AKMA key request,AF 312 rejects the Application Session Establishment by including a failure cause. Afterwards,UE 302 may trigger a new Application Session Establishment request with the latest A-KID toAF 312. - It is further realized that a UE Parameters Update (UPU) procedure may be performed. The purpose of the CP solution for the update of UE parameters is to allow the HPLMN to update
UE 302 with a specific set of parameters, generated and stored inUDM 308, by delivering protected UDM Update Data via NAS signalling. The HPLMN updates such parameters based on the operator policies. The UDM Update Data thatUDM 308 delivers toUE 302 may contain: (i) one or more UE parameters including: the updated Default Configured NSSAI (final consumer of the parameter is the ME), and the updated Routing Indicator Data (final consumer of the parameter is the USIM); (ii) a “UE acknowledgement requested” indication; and (iii) a “re-registration requested” indication. - However, the existing approaches do not consider the scenario where the provisioned key KAF expired in a trusted AF or an untrusted AF for the AKMA use case. If the primary authentication is triggered due to expiry of keys in the AF, then the existing approach results in all AFs linked to this SUPI needing to update the keys.
- Illustrative embodiments overcome the above and other drawbacks by providing technical solutions which affect only that particular AF alone instead of other AFs. Such technical solutions may be implemented in several illustrative embodiments.
- For example, in one illustrative embodiment, when a trusted or untrusted AF key KAF lifetime expires (or due to one or more other reasons), the new keys are needed at the AF to provide service to the UE. The AF sends the key expiry indication toward AAnF. The AAnF generates a new RAND value and with KAKMA key and AF_ID, generates the new key KAF. The generated KAF along with a new expiry time and the RAND value is sent to the AF. The AF further sends the RAND value to the UE, so the same KAF can be generated at the UE as well. Note that the RAND generated is sent from the AF to the UE via the Ua* interface.
- In another illustrative embodiment, when a trusted or untrusted AF key KAF lifetime expires (or due to one or more other reasons), the new keys are needed to continue the session. The AF sends the key expiry indication toward AAnF. The AAnF generates a new RAND value and with KAKMA key and AF_ID, generates the new key KAF. The AAnF sends the key update request message to the UDM with a newly generated RAND value. The UDM uses the UPU procedure to securely share the AF_ID and RAND value to the UE. The UE newly generates the KAF based on received parameters. After the acknowledgement is received for UPU, i.e., the update is successful, the UDM sends a key update response to the AAnF. The AAnF passes the previously generated KAF to the AF, only after the UE update is successful.
- In yet another illustrative embodiment, a combination of the above two procedures can be used.
- In accordance with illustrative embodiments, when deriving KAF from KAKMA, the following parameters can be used to form the input S to the KDF:
-
- FC=0x82;
- PO=AF_ID;
- LO=length of AF_ID;
- P1=RAND;
- L1=length of RAND (i.e., 0x00 0x10);
- The input key is KAKMA. AF_ID is constructed as follows:
- AF_ID=FQDN of the AF II Ua* security protocol identifier, where the Ua* security protocol identifier is specified as Ua security protocol identifier in the above-referenced TS 33.220.
- Turning now to
FIG. 4 , rekeying without reauthorization for an authentication and key management forapplications procedure 400 is shown according to an illustrative embodiment. More particularly,FIG. 4 illustrates AKMA rekeying without re-authentication using the Ua* interface. As shown,procedure 400 involves aUE 402, anAUSF 404, aUDM 406, anAAnF 408, a trusted AF 410 (AF1), aNEF 412, and an untrusted AF 414 (AF2). Furthermore,procedure 400 comprises three use cases: initial AKMA procedures use case 400-A; a trusted AF use case 400-B; and an untrusted AF use case 400-C. Each use case will be explained in detail below. - Initial AKMA procedures use case 400-A.
- During the primary authentication procedure,
UDM 406 passes the AKMA indication value, set to true or false, and the routing indicator value (which is used in A-KID generation and discovering the suitable AAnF instance, in this example, AAnF 408) to AUSF 404. - After the authentication is successful, the AMKA key and A-KID are generated at
AUSF 404. -
AUSF 404 passes information such as SUPI, A-KID and KAKMA toAAnF 408. - AKMA context is maintained in
AAnF 408 with received information fromAUSF 404. -
AAnF 408 generates a different set of KAF keys and shares it toAFs - Trusted AF use case 400-B.
- When
UE 402 tries to start a session with AF1 (trusted AF 410), it sends an application session establishment request with A-KID towards AF1 via Ua* interface. - AF1 checks for the expiry time for KAF1 and if it has expired, then AF1 triggers an AKMA application key get request with AK-KID, AF_ID1, and a key expiry indication.
-
AAnF 408 generates a new RAND1 value and with the existing K AKMA and AF_ID1, a new key KAF1 is generated. - The newly generated key, expiry time, SUPI and the generated RAND1 are sent to AF1 with the response message.
- AF1 sends the application session establishment response with RAND1 to
UE 402 via the Ua* interface. -
UE 402 uses the same parameters such as KAKMA, AF_ID1, and RAND1 to generate the new key KAF1. - Untrusted AF use case 400-C.
- When
UE 402 tries to start a session with AF2 (untrusted AF 414), it sends an application session establishment request with A-KID towards AF2 via the Ua* interface. - AF2 checks for the expiry time for the KAF2 and if it has expired, then AF2 triggers an AKMA application key get request with AK-KID, AF_ID2, and a key expiry indication.
NEF 412 forwards the request from AF2 toAAnF 408. -
AAnF 408 generates a new RAND2 value and with existing parameters in AKMA context K AKMA and received AF_ID2, a new key KAF2 is generated. - The newly generated key, expiry time, SUPI, and the generated RAND2 are sent to AF2 with the response message via
NEF 412. - AF2 sends the application session establishment response with RAND2 to
UE 402 via Ua* interface. -
UE 402 uses the same parameters such as KAKMA, AF_ID2, and RAND2 to generate a new key KAF2. - Lastly,
FIG. 5 illustrates rekeying without reauthorization for an authentication and key management forapplications procedure 500 according to an illustrative embodiment. More particularly,FIG. 4 illustrates AKMA rekeying without re-authentication using UPU interface. As shown,procedure 500 involves aUE 502, anAUSF 504, aUDM 506, anAAnF 508, a trusted AF 510 (AF1), aNEF 512, and an untrusted AF 514 (AF2). Furthermore,procedure 500 comprises three use cases: initial AKMA procedures use case 500-A; a trusted AF use case 500-B; and an untrusted AF use case 500-C. Each use case will be explained in detail below. - Initial AKMA procedures use case 500-A.
- During the primary authentication procedure,
UDM 506 passes the AKMA indication value, set to true or false, and the routing indicator value (which is used in A-KID generation and discovering the suitable AAnF instance, in this example, AAnF 508) to AUSF 504. - After the authentication is successful, the AMKA key and A-KID are generated at
AUSF 504. -
AUSF 504 passes information such as SUPI, A-KID and KAKMA toAAnF 508. - AKMA context is maintained in
AAnF 508 with received information fromAUSF 504. -
AAnF 508 generates a different set of KAF keys and shares it toAFs - Trusted AF use case 500-B.
- When
UE 502 tries to start a session with AF1 (trusted AF 510), it sends the application session establishment request with A-KID towards AF1 via Ua* interface. - AF1 checks for the expiry time for KAF1 and if it has expired, then AF1 triggers an AKMA application key get request with AK-KID, AF_ID1, and key expiry indication.
-
AAnF 508 generates a new RAND1 value and with existing KAKMA, AF_ID1, a new key KAF1 is generated. -
AAnF 508 sends a key update request message with SUPI, AF_ID1 and generated RAND1 toUDM 506. -
UDM 506 uses the UPU procedure (currently only supports sending default configured NSSAI and routing indicator data) to newly share the RAND1 and AF_ID1 securely toUE 502. The existing UPU framework is re-used but with the extension of these new parameters. -
UE 502 receives the RAND1, AF_ID1 and generated key KAF1. -
UDM 506 receives the acknowledgement fromUE 502 for UPU updates. - Newly generated key KAF1, expiry time, and SUPI are sent to AF1 with the application key response message.
- AF1 sends back the application session establishment response message to
UE 502. - Untrusted AF use case 500-C.
- When
UE 502 tries to start a session with AF2 (untrusted AF 514), it sends the application session establishment request with A-KID towards AF2 via Ua* interface. - AF2 checks for the expiry time for KAF2 and if it has expired, then AF2 triggers an AKMA application key get request with AK-KID, AF_ID2 and key expiry indication towards
NEF 512.NEF 512 forwards the request toAAnF 508. -
AAnF 508 generates a new RAND2 value and with existing KAKMA, AF_ID2, a new key KAF2 is generated. -
AAnF 508 sends a key update request message with SUPI, AF_ID2 and generated RAND2 toUDM 506. -
UDM 506 uses the UPU procedure (currently only supports sending default configured NSSAI and routing indicator data) to newly share the RAND2 and AF_ID2 securely toUE 502. The existing UPU framework and signal is re-used but with the extension of these new parameters. -
UE 502 receives the RAND2, AF_ID2 and generated Key KAF2 -
UDM 506 receives the acknowledgement fromUE 502 for UPU updates. - Newly generated key KAF2, expiry time, and SUPI are sent to AF2 with the application key response message.
- AF2 sends back the application session establishment response message to
UE 502. - It is to be appreciated that
procedure 400 ofFIG. 4 andprocedure 500 ofFIG. 5 can be combined in an additional illustrative embodiment. If the Ua* protocol does not support informing the UE about the new RAND value (plus other values), then the AF indicates the same to the AAnF. Then, the AAnF initiatesprocedure 500 ofFIG. 5 . If the Ua* protocol supports informing the UE about the new RAND value (plus other values), then the AF informs the same to the AAnF. Then, the AAnF initiatesprocedure 400 ofFIG. 4 . - Advantageously, upon expiration of the previous application function key and rekeying with a new application function key as explained herein in accordance with illustrative embodiments, the UE (e.g., 402/502) and the AF (e.g., 410/510 or 414/514) continue the session because both now have valid keys. In one illustrative embodiment, the UE can resend the request to the same AF to restart the communication.
- As used herein, it is to be understood that the term “communication network” in some embodiments can comprise two or more separate communication networks. Further, the particular processing operations and other system functionality described in conjunction with the diagrams described herein are presented by way of illustrative example only, and should not be construed as limiting the scope of the disclosure in any way. Alternative embodiments can use other types of processing operations and messaging protocols. For example, the ordering of the steps may be varied in other embodiments, or certain steps may be performed at least in part concurrently with one another rather than serially. Also, one or more of the steps may be repeated periodically, or multiple instances of the methods can be performed in parallel with one another.
- It should again be emphasized that the various embodiments described herein are presented by way of illustrative example only and should not be construed as limiting the scope of the claims. For example, alternative embodiments can utilize different communication system configurations, user equipment configurations, base station configurations, provisioning and usage processes, messaging protocols and message formats than those described above in the context of the illustrative embodiments. These and numerous other alternative embodiments within the scope of the appended claims will be readily apparent to those skilled in the art.
Claims (17)
1. An apparatus comprising:
at least one processor and at least one memory including computer program code;
the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to:
receive an indication from an application function that a first expiry time of a first application function key, generated using a first random value and configured to enable user equipment to participate in a session with the application function, has expired; and
generate a second application function key for the application function, using a second random value, with a second expiry time.
2. The apparatus of claim 1 , wherein an identifier of the application function and an anchor key associated with the apparatus are also used to generate the second application function key.
3. The apparatus of claim 1 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to send the second application function key, the second random value, and the second expiry time to the application function.
4. The apparatus of claim 1 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to send the second random value in a key update request to a network entity configured to provide a unified data management function.
5. The apparatus of claim 4 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to receive a key update response from the network entity.
6. The apparatus of claim 5 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to, when the key update response is indicative that the user equipment successfully generated the second application function key based on updated parameters provided thereto by the network entity, send the second application function key, the second random value, and the second expiry time to the application function.
7. The apparatus of claim 1 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to determine which one of a plurality of procedures to initiate to update the user equipment with the second random value, wherein the determination is based on a security protocol supported by the user equipment.
8. A method comprising:
receiving, at a network entity configured to provide an anchor function, an indication from an application function that a first expiry time of a first application function key, generated using a first random value and configured to enable user equipment to participate in a session with the application function, has expired; and
generating, at the network entity, a second application function key for the application function, using a second random value, with a second expiry time.
9. An article of manufacture comprising a non-transitory computer-readable storage medium having embodied therein executable program code that when executed by a processor causes the processor to perform the step of claim 8 .
10. An apparatus comprising:
at least one processor and at least one memory including computer program code;
the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to:
send, to a network entity configured to provide an anchor function, an indication that a first expiry time of a first application function key, generated by the network entity using a first random value and configured to enable user equipment to participate in a session with the apparatus, has expired; and
receive, from the network entity, a second application function key, a second random value, and a second expiry time, wherein the second application function key is generated by the network entity using a second random value.
11. The apparatus of claim 10 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to send the second random value to the user equipment to enable the user equipment to generate the second application function key.
12. The apparatus of claim 10 , wherein the second application function key, the second random value, and the second expiry time, are received from the network entity following the network entity receiving an indication that the user equipment successfully generated the second application function key based on updated parameters.
13. An apparatus comprising:
at least one processor and at least one memory including computer program code;
the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to:
in response to expiration of a first application function key generated based on a first random value to enable the apparatus to participate in a session with an application function, receive a second random value; and
generate a second application function key based on the second random value.
14. The apparatus of claim 13 , wherein the second random value is received from the application function.
15. The apparatus of claim 13 , wherein the second random value is received from a network entity configured to operate as a unified data management function.
16. The apparatus of claim 15 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to send an indication of successful generation of the second application function key to the network entity.
17. The apparatus of claim 13 , wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to re-initiate communication with the application function based on the generated second application function key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/307,952 US20240154803A1 (en) | 2022-04-29 | 2023-04-27 | Rekeying in authentication and key management for applications in communication network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202263336531P | 2022-04-29 | 2022-04-29 | |
US18/307,952 US20240154803A1 (en) | 2022-04-29 | 2023-04-27 | Rekeying in authentication and key management for applications in communication network |
Publications (1)
Publication Number | Publication Date |
---|---|
US20240154803A1 true US20240154803A1 (en) | 2024-05-09 |
Family
ID=90928344
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/307,952 Pending US20240154803A1 (en) | 2022-04-29 | 2023-04-27 | Rekeying in authentication and key management for applications in communication network |
Country Status (1)
Country | Link |
---|---|
US (1) | US20240154803A1 (en) |
-
2023
- 2023-04-27 US US18/307,952 patent/US20240154803A1/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11038923B2 (en) | Security management in communication systems with security-based architecture using application layer security | |
US11722891B2 (en) | User authentication in first network using subscriber identity module for second legacy network | |
US20210250186A1 (en) | Security management for edge proxies on an inter-network interface in a communication system | |
US10893026B2 (en) | Privacy managing entity selection in communication system | |
CN112020869B (en) | Unified subscription identifier management in a communication system | |
US11924641B2 (en) | Security management for service access in a communication system | |
WO2020254918A1 (en) | Secure access control in communication system | |
US20230232240A1 (en) | Subscription data update method and apparatus, node, and storage medium | |
WO2022018580A1 (en) | Service authorization in communication systems | |
US11789803B2 (en) | Error handling framework for security management in a communication system | |
US11564086B2 (en) | Secure mobile-terminated message transfer | |
WO2021090171A1 (en) | Authorization in a service communication proxy | |
US20230045417A1 (en) | Authentication between user equipment and communication network for onboarding process | |
US11659387B2 (en) | User equipment authentication preventing sequence number leakage | |
US20240154803A1 (en) | Rekeying in authentication and key management for applications in communication network | |
WO2020208295A1 (en) | Establishing secure communication paths to multipath connection server with initial connection over private network | |
WO2020208294A1 (en) | Establishing secure communication paths to multipath connection server with initial connection over public network | |
WO2020178046A1 (en) | User equipment-initiated request for type of authentication and key agreement exchange in a communication system | |
US11956627B2 (en) | Securing user equipment identifier for use external to communication network | |
US20230269583A1 (en) | Authentication failure cause notification in communication system | |
EP4322480A1 (en) | Secure identification of applications in communication network | |
US20240114057A1 (en) | Secure user equipment policy data in a communication network environment | |
US20220360584A1 (en) | Data management for authorizing data consumers in communication network | |
WO2023248160A1 (en) | Protection scheme configuration in communication network environment |